From owner-freebsd-questions@freebsd.org  Tue May 18 20:01:26 2021
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 41187656568
 for <freebsd-questions@mailman.nyi.freebsd.org>;
 Tue, 18 May 2021 20:01:26 +0000 (UTC)
 (envelope-from tomek@cedro.info)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com
 [IPv6:2a00:1450:4864:20::533])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Fl6MS6M5tz4nY0
 for <freebsd-questions@freebsd.org>; Tue, 18 May 2021 20:01:24 +0000 (UTC)
 (envelope-from tomek@cedro.info)
Received: by mail-ed1-x533.google.com with SMTP id r11so12619362edt.13
 for <freebsd-questions@freebsd.org>; Tue, 18 May 2021 13:01:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=93x+kxNQ90WUygzRf4nL7j6Y1NUWmBgjzkrGuJESVzU=;
 b=HnyypK5xCto9CJspP63tpIW3Q7R6W8jTLVdy2JxtoJoVFQMr1aCdsKtPhIDdwEGHuP
 3JxqoB1z207olM1Kl+rKbZwrOS4WJUu4qj1Lh+wYktkJgYmOIkORGft+F+Wh0v4V5rDD
 E945xbzFDuwKefXXRf4Pl/96YB/SAn73pEH7gHYsawISSoa/IsKOSMuu1mhpU+gyrbVZ
 NsbuEAq4PMz2qZccumf8JsnNWWIenOamMszNe6NBE+CTZgQiQMG4tv5/+0pjGHstxE2Q
 JBsnWxez/5DqD4W26juDiJmqAgrSRRntdsNntvEkWrnj/tR65jZxY40iIr83OmV4rr+g
 jmIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=93x+kxNQ90WUygzRf4nL7j6Y1NUWmBgjzkrGuJESVzU=;
 b=X4rITLYoiDGyJylwWJNRq1iTLMu2trfOF7O9c4hXoFVhVst73ZGFyYIDfUc4ufQtMU
 +LmkEqlKiPfJnnvPtmG6baAtx0/nFkx1VHYppNUlTgeH7MvuLNjJlEQaOErvFv18wDOM
 KObRjPL0i4anSrQnOTq236j45tTbpYLvihw7bimCuSCNGYHt+SJ6TQL4pM6vmciwkOf4
 q9sTKMNYvvgw3380AUKU+xA6OxBieIykW9RY8Horx2bmESNf3fchRlO0DFhPQKYrq0Pl
 kSN3IwdYbSfAhWE5jGEPFdr/a11rcj5l/gnvtFgvlQu5948WqX/2ZQxg2bvIALjwGn/M
 lMyQ==
X-Gm-Message-State: AOAM5320YI3TZjUWuZ4Gccy7QffDP0QHftk1RJ2FLGGTIpjTPCwQi2+H
 VOnpBsTS5Gf3+CVC/d91MOj5zmhoEzHPYfv4RhBokQ==
X-Google-Smtp-Source: ABdhPJxopALfa2Sa6ag2jnSzogfHRLoTwjNQTr1hoWtZT9Mbq18b7mm1oYbc6lDh+kLUTaAcp9hdlwbMue9Byunxm50=
X-Received: by 2002:a05:6402:111a:: with SMTP id
 u26mr8905858edv.260.1621368083557; 
 Tue, 18 May 2021 13:01:23 -0700 (PDT)
MIME-Version: 1.0
References: <ED008A9A-A5BE-4BEB-B636-D60295F59C8A@gmail.com>
 <CAM8r67CD1Sd9nFz=1Wrui414eVUNuRMRkOJp4BONeO+gep2zMA@mail.gmail.com>
In-Reply-To: <CAM8r67CD1Sd9nFz=1Wrui414eVUNuRMRkOJp4BONeO+gep2zMA@mail.gmail.com>
From: Tomasz CEDRO <tomek@cedro.info>
Date: Tue, 18 May 2021 22:01:05 +0200
Message-ID: <CAM8r67Az+NG2qRui3LDmzx4TEnRjEqwp8dim2_dL=Ds6sdjzQA@mail.gmail.com>
Subject: Re: Can non-root user create/start services?
To: K Lu <kludev@gmail.com>
Cc: FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 4Fl6MS6M5tz4nY0
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=cedro.info header.s=google header.b=HnyypK5x;
 dmarc=none;
 spf=none (mx1.freebsd.org: domain of tomek@cedro.info has no SPF policy when
 checking 2a00:1450:4864:20::533) smtp.mailfrom=tomek@cedro.info
X-Spamd-Result: default: False [-0.30 / 15.00]; RCVD_TLS_ALL(0.00)[];
 ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[cedro.info:s=google];
 NEURAL_HAM_MEDIUM(-0.98)[-0.983]; FROM_HAS_DN(0.00)[];
 RBL_DBL_DONT_QUERY_IPS(0.00)[2a00:1450:4864:20::533:from];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org];
 DMARC_NA(0.00)[cedro.info];
 SPAMHAUS_ZRD(0.00)[2a00:1450:4864:20::533:from:127.0.2.255];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[];
 DKIM_TRACE(0.00)[cedro.info:+]; RCPT_COUNT_TWO(0.00)[2];
 RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::533:from];
 NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_SPAM_LONG(0.98)[0.979];
 R_SPF_NA(0.00)[no SPF record]; FREEMAIL_TO(0.00)[gmail.com];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
 SUBJECT_ENDS_QUESTION(1.00)[];
 ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
 RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 May 2021 20:01:26 -0000

On Tue, May 18, 2021 at 9:58 PM Tomasz CEDRO wrote:
> In general Unix always separates root (administrator tasks) from users
> (non administrative tasks). This is why "gaining root" as
> standard/restricted user is always the most interesting part ;-)

Clarification - any way for your user to perform root operations is
also a good way for others to perform root actions - this is usually a
serious security threat and you want avoid that :-)

-- 
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info